Resource Type: AWS > RDS > DB Instance

The DB Instance resource type is a database instance that can be created and managed on the AWS platform. It provides a scalable and secure environment for running and managing databases in the cloud.

Resource Context

DB Instance is a part of the RDS service.

Each DB Instance lives under a Region.

Controls

The primary controls for AWS > RDS > DB Instance are:

It is also targeted by these controls:

AWS > CIS v1.4 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption is enabled for RDS Instances (Automated)
AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
AWS > CIS v3.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
AWS > HIPAA > RDS > Database logging should be enabled
AWS > HIPAA > RDS > RDS DB instance backup should be enabled
AWS > HIPAA > RDS > RDS DB instance encryption at rest should be enabled
AWS > HIPAA > RDS > RDS DB instance multiple az should be enabled
AWS > HIPAA > RDS > RDS DB instance should be protected by backup plan
AWS > HIPAA > RDS > RDS DB instances should be in a backup plan
AWS > HIPAA > RDS > RDS DB instances should prohibit public access
AWS > NIST 800-53 > RDS > Database logging should be enabled
AWS > NIST 800-53 > RDS > RDS DB instance and cluster enhanced monitoring should be enabled
AWS > NIST 800-53 > RDS > RDS DB instance backup should be enabled
AWS > NIST 800-53 > RDS > RDS DB instance encryption at rest should be enabled
AWS > NIST 800-53 > RDS > RDS DB instance multiple az should be enabled
AWS > NIST 800-53 > RDS > RDS DB instances should be in a backup plan
AWS > NIST 800-53 > RDS > RDS DB instances should have deletion protection enabled
AWS > NIST 800-53 > RDS > RDS DB instances should prohibit public access
AWS > PCI v3.2.1 > RDS > 2 RDS DB Instances should prohibit public access

Quick Actions

In Your Workspace

Developers

Resource Type URI

tmod:@turbot/aws-rds#/resource/types/dbInstance

Category URI

tmod:@turbot/turbot#/resource/categories/database

GraphQL

query resource(id: "tmod:@turbot/aws-rds#/resource/types/dbInstance") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-rds#/resource/types/dbInstance'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-rds#/resource/types/dbInstance"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-rds#/resource/types/dbInstance';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-rds#/resource/types/dbInstance"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-rds#/resource/types/dbInstance' and notification_type in ('resource_updated', 'resource_created');